Archive for SharePoint Security

Securing SharePoint application pages (such as AllItems.aspx, etc.) from members within you organization

When “ViewFormPagesLockdown” won’t work for you and you still want your AllItems.aspx and other forms secured then you have to write some code.

Let me save you some steps, here is the code for a simple control that you can put at the top of a new master page which is a copy of default.master or any other customized master page you created.

This code will by default redirect anonymous users away from the page and will also only allow specified member groups (that you specify) to access the page.

public class SecureItem: WebControl {
private string mGrantGroups = “”;

public string GrantGroups {
get {
return mGrantGroups;
}
set {
mGrantGroups = value;
}
}

private string mRedirPage = “/”;

public string RedirPage {
get {
return mRedirPage;
}
set {
mRedirPage = value;
}
}
protected override void OnLoad(EventArgs e) {
string name = Context.User.Identity.Name;
if (name.Trim() == “”) Page.Response.Redirect(RedirPage, true);

if (GrantGroups.Trim() == “”) return;
string[] grps = GrantGroups.Split(“,”.ToCharArray());
bool doredir = true;
try {
for (int i = 0; i < grps.Length; i++)
if (grps[i].Trim() != “” && SPContext.Current.Web.IsCurrentUserMemberOfGroup(SPContext.Current.Web.Groups[grps[i].Trim()].ID)) doredir = false;

} catch (Exception ee) {
Page.Response.Write(ee.ToString());
doredir = false;
}
if (doredir) Page.Response.Redirect(RedirPage, true); // has to be outside of try catch
}
}

Your pages are secure now!